Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Qual: Prevent potential JS injection

Browse Source
This commit is contained in:
Raphaël Doursenaud
2014-04-23 14:21:58 +02:00
parent 0058bea8e0
commit 79fe0a1658
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/js/lib_head.js
View File

@@ -554,7 +554,9 @@ function newpopup(url,title) {
tmp=url;
var l = (argc > 2) ? argv[2] : 600;
var h = (argc > 3) ? argv[3] : 400;
var wfeatures="directories=0,menubar=0,status=0,resizable=0,scrollbars=1,toolbar=0,width="+l+",height="+h+",left=" + eval("(screen.width - l)/2") + ",top=" + eval("(screen.height - h)/2");
var left = (screen.width - l)/2;
var top = (screen.height - h)/2;
var wfeatures = "directories=0,menubar=0,status=0,resizable=0,scrollbars=1,toolbar=0,width=" + l +",height=" + h + ",left=" + left + ",top=" + top;
fen=window.open(tmp,title,wfeatures);
return false;
}